Hide relationship user / post in database tables – sensitive data

  • jumust

    (@jumust)


    10 years, 9 months ago

    Hi,
    in case of external attack to the website I need to hide in the database the relationship between custom post type and users, since I’m working with sensitive data.

    Let’s say that I have a CPT “A” and a User role “Patient”. One Patient is assigned to One post.

    I need to hide (in the DB) that Patient “x” is associated to post “y”.

    Basically in the database I need to hide the user_id (coming from the wp_users table) in the field “post_author” of the wp_customposttype table.

    I was thinking to create an interim table to link both tables above, this table should do the following: USER_ID * 100 = POST_AUTHOR

    Obviously the math operation (* 100) is not known, so only administrator can gain the User_id by doing: Post_author/100 = User_id

    What would be your approach?

    Thanks

Viewing 1 replies (of 1 total)
  • catacaustic

    (@catacaustic)

    10 years, 9 months ago

    If someone has access to your database, you’ve already got more problems then someone knowing that author X is associated with post Y.

    Any any sort of scheme that you come up with the change the author ID will not be great because it will be able to be found out, so if someone will find out that scheme anyway.

    To be honest, I would not worry about this. There’s basically no reason for anything like this because you shouldn’t be allowing access to the database for people that could have issues with this in the first place. You’ll have the relationship set up in the admin area anyway, so somewhere along the line there is something that tells how that’s done, and someone will be able to find it.

    Keep in mind that someone hacking into your admin account to see the actual relationships is a while lot more likely then someone hacking into the database and reading the raw data.

Viewing 1 replies (of 1 total)

The topic ‘Hide relationship user / post in database tables – sensitive data’ is closed to new replies.